[added,to,the,4.1,stable,tree] ALSA: hda/ca0132 - fix possible NULL pointer use

Message ID 20180301152116.1486-438-alexander.levin@microsoft.com
State New
Headers show
  • [added,to,the,4.1,stable,tree] ALSA: hda/ca0132 - fix possible NULL pointer use
Related show

Commit Message

Sasha Levin March 1, 2018, 3:27 p.m.
From: Arnd Bergmann <arnd@arndb.de>

This patch has been added to the 4.1 stable tree. If you have any
objections, please let us know.




[ Upstream commit 46a049dae771b95e77ac6c823330f4a60f600236 ]

gcc-7 caught what it considers a NULL pointer dereference:

sound/pci/hda/patch_ca0132.c: In function 'dspio_scp.constprop':
sound/pci/hda/patch_ca0132.c:1487:4: error: argument 1 null where non-null expected [-Werror=nonnull]

This is plausible from looking at the function, as we compare 'reply'
to NULL earlier in it. I have not tried to analyze if there are constraints
that make it impossible to hit the bug, but adding another NULL check in
the end kills the warning and makes the function more robust.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 sound/pci/hda/patch_ca0132.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
index 0374bd5b61c8..1fb951225318 100644
--- a/sound/pci/hda/patch_ca0132.c
+++ b/sound/pci/hda/patch_ca0132.c
@@ -1452,6 +1452,9 @@  static int dspio_scp(struct hda_codec *codec,
 		} else if (ret_size != reply_data_size) {
 			codec_dbg(codec, "RetLen and HdrLen .NE.\n");
 			return -EINVAL;
+		} else if (!reply) {
+			codec_dbg(codec, "NULL reply\n");
+			return -EINVAL;
 		} else {
 			*reply_len = ret_size*sizeof(unsigned int);
 			memcpy(reply, scp_reply.data, *reply_len);